AP 10663 
Claims 

1-8 Canceled 

9. (New) A method for the prevention of erroneous actuator access in a multifunctional 
general electronic control system wherein the actuator access requirements 
emanate from various or different system services (1), the method comprising: 

determining authorization of a system service for changing an instantaneous mode 
of operation of a general control system in the event of an actuator access 
requirement; 

changing a mode of operation according to predefined rules in consideration of the 
instantaneous mode of operation; 

reporting the current mode of operation; and 

depending on the reported general mode of operation, allowing an actuator 
actuation only by an authorized system service and processes the actuator access 
requirements of the system services according to predefined arbitration rules. 

10. The method according to claim 9, wherein the access requirements are recorded in 
a memory and sent to an access management sorted according to types of 
arbitration. 

11. The method according to claim 9, wherein the access requirement originating from 
a system service and admitted to pass to an actuator is determined by a two-stage 
arbitration. 

12. The method as claimed in any one or more of claims 11, wherein the unauthorized 
access requirements are determined, eliminated or rejected in a first step 
depending on the reported, current general mode of operation, in a second step, 
vertical arbitration is used to evaluate and select the authorized access 
requirements according to a predefined order of priority of the types of arbitration, 
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and higher priority is given to a current signal rather than to a pressure signal, while 
higher priority is attributed to an ON/OFF signal rather than to a current signal, and 
in a third step, horizontal arbitration is used to evaluate and select the access 
requirements determined in the second step according to the priority of the signal 
for driving an actuator. 

13. The method according to claim 9, wherein the rights of the system services for 
the change of the mode of operation are written down in a read-only memory. 

14. A general control system for motor vehicles comprising: 

a rights management which determines authorization of a system services for 
changing an instantaneous mode of operation of the general control system in the 
event of an actuator access requirement, 

a mode of operation control unit (4) 

an access management (6) in that the rights management (2) in the event of an 
access requirement by a system service (1), brings about an adjustment or a 
change of the mode of operation according to predefined rules in consideration of 
the instantaneous general mode of operation of the general control system and 
reports the current mode of operation to the access management (6), and in that 
the access management (6), depending on the reported general mode of operation, 
allows an actuator actuation only by the 'authorized' system service (1) and 
processes the actuator access requirements of the system services (1) according to 
predefined arbitration rules; and 

a brake system (EHB, EMB), as system services (1) emanating from which are the 
actuator access requirements, the basic brake functions (BBF), wheel slip control 
functions (such as ABS, TCS, ESP), diagnosis functions (DIAG), motor pump 
control systems (MPA) and interfaces (BUS) are determined and checked by the 
rights management (2) in connection with the access management (5). 
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15. The system according to claim 14, wherein at least one further system services 
such as customer software (CSW) or steering functions (steer) is integrated into the 
general system. 

16. The system according claim 14, wherein a distinction is made in the mode of 
operation control unit between a normal mode of operation which occurs after 
termination of a starting phase in the absence of an error message, a starting 
phase mode of operation which applies until expiry of a predetermined period of 
time, until a minimum speed is reached for the first time, or until initial testing 
routines are completed, a diagnosis mode of operation , a customer software mode 
of operation which is initiated in a case of an actuator access requirement by an 
extraneous or auxiliary system, and a failsafe mode of operation indicating the 
presence of an error message. 
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